Over half of critical systems in the Americas targeted: survey

Cyber campaigns that seek to compromise critical infrastructure are more common in the Americas than the general public realises, according to a survey cited by Reuters, in which over half of the organisations polled said they had encountered attempts to hijack their command-and-control systems.

The survey, conducted by the Organisation of American States (OAS) throughout North and South America and compiled on its behalf by Trend Micro, is due to be released today. The poll found that 54% of critical infrastructure organisations had seen "attempts to manipulate" real-world machinery through cyber-attacks. Some 40% reported attempts to shut down their networks and 44% had encountered campaigns to delete data.

Only 60% of the 575 respondents reported attempts by attackers to steal data, marking a significant shift in the goals of cyber-attackers.

Following last year's apparent hacktivism campaign against US-based Sony Pictures Entertainment, in which the film studio experienced widespread network outages and data theft, the perception was enforced that hackers are mainly interested in stealing data and that damage on the scale that Sony experienced was a rarity.

"Everyone got outraged over Sony, but far more vulnerable are these services we depend on day to day," said Adam Blackwell, secretary of multidimensional security at OAS.

Continues on next page>>

OAS is based in Washington DC and is made up of 35 member states. The survey was given to entities operating in sectors deemed crucial by OAS members. Almost one third of respondents were public sector bodies. The majority of respondents represented the communications, security or finance industries.

Blackwell gave an example of an attack involving an unnamed financial institution, where attackers syphoned funds from accounts and then deleted transaction data, which meant the target organisation had trouble identifying which customers were entitled to reimbursement.

"That was a really important component" of the attack, Blackwell said.

Another attack saw a "diversion of resources" within a petroleum company. Blackwell also spoke of government apathy in security spending and foresees a number of possible future scenarios, including public safety concerns and power blackouts.

Other scenarios prevalent in the survey responses were hacktivist campaigns, attacks from organised crime groups and the use of ransomeware to encrypt systems until a payment is made to the attacker.

"We are facing a clear and present danger where we have non-state actors willing to destroy things," said Tom Kellerman, vice president, Trend Micro. "This is going to be the year we suffer a catastrophe in the hemisphere, and when you will see kinetic response to a threat actor."